CN108900530A - Secure communication system and method - Google Patents


Publication number
CN108900530A
Authority
CN
China
Prior art keywords
terminal device
headend equipment
internet
data information
cloud platform
Prior art date
Legal status
Pending
Application number
CN201810852923.8A
Other languages
Chinese (zh)
Inventor
刘熙胖
廖正赟
孙晓鹏
刘武忠
武宗品
梁松涛
雷宇龙
李鑫
Current Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority to CN201810852923.8A
Publication of CN108900530A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/06 Authentication
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/38 Services specially adapted for particular environments, situations or purposes for collecting sensor information
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention provides a secure communication system and method. The secure communication system includes at least one headend equipment, at least one terminal device, an NB-IOT communication base station and an Internet of Things cloud platform. Each headend equipment performs key agreement with at least one terminal device to generate a session key. The headend equipment collects the data information of the Internet of Things front end and encrypts it with the session key. The NB-IOT communication base station is arranged between the at least one headend equipment and the Internet of Things cloud platform, and pushes the data information ciphertext of the at least one headend equipment to the Internet of Things cloud platform. The Internet of Things cloud platform aggregates the data information ciphertext pushed by the at least one headend equipment and performs data processing operations. The terminal device establishes a network connection with the Internet of Things cloud platform, obtains the data information ciphertext from the Internet of Things cloud platform and decrypts it with the session key.

Description

Secure communication system and method
Technical field
The present invention relates to the field of wireless communication technology, and specifically to a secure communication system and method.
Background
During long-term operation, a bridge is subject to the combined influence of complex natural environments, sudden human factors and the aging of its own components, which inevitably leads to structural damage of varying degrees. If this damage is not found and dealt with in time, it can have unpredictable consequences for the safe operation of the bridge. According to statistics, at least 34 bridge collapses, injuring more than 200 people, have been reported in China since 2007. The safety of bridge structures is therefore of constant public concern. Traditionally, the health of a bridge is monitored by embedding sensors in its structure. Wired monitoring, however, requires laying a large number of cables to transmit information, which is costly and makes installation and later maintenance inconvenient, and it cannot provide long-term real-time monitoring.
At present, the industry transmits bridge health data using NB-IOT communication modules: the microcontroller of the sensor is connected to an NB-IOT wireless communication module, the data acquired by the sensor is transmitted wirelessly between the NB-IOT wireless communication module and an NB-IOT communication base station, and the acquired data is sent to an Internet of Things cloud platform so that an external terminal server can retrieve the corresponding data from the Internet of Things cloud platform. However, the data transmission channel between the Internet of Things cloud platform and the terminal server is relatively easy to break into. Once someone has tampered with the data there, the supervisory department of the bridge can easily make a wrong judgment based on the wrong data information, which may have serious consequences for society and the country.
To solve the above problems, an ideal technical solution has long been sought.
Summary of the invention
The purpose of the present invention is to address the deficiencies of the prior art by providing a secure communication system and method capable of transmitting data information securely.
To achieve this purpose, the technical solution adopted by the present invention is a secure communication system comprising at least one headend equipment, at least one terminal device, an NB-IOT communication base station and an Internet of Things cloud platform, wherein:
Each headend equipment performs key agreement with at least one terminal device to generate a session key;
The headend equipment is used to collect the data information of the Internet of Things front end and encrypt it with the session key;
The NB-IOT communication base station is arranged between the at least one headend equipment and the Internet of Things cloud platform, and is used to push the data information ciphertext of the at least one headend equipment to the Internet of Things cloud platform;
The Internet of Things cloud platform aggregates the data information ciphertext pushed by the at least one headend equipment and performs data processing operations;
The terminal device establishes a network connection with the Internet of Things cloud platform, obtains the data information ciphertext from the Internet of Things cloud platform and decrypts it with the session key.
Based on the above, the headend equipment includes a microprocessor, an acquisition module, a first security module and an NB-IOT communication module;
The acquisition module is electrically connected to the microprocessor and is used to acquire the data information of the target environment and send it to the microprocessor;
The microprocessor is electrically connected to the first security module and is used to control the first security module to encrypt the data information with the session key;
The NB-IOT communication module is connected to the microprocessor and is used to send the data information ciphertext.
Based on the above, the headend equipment further includes a memory module and a power module electrically connected to the microprocessor; the memory module is used to store the data information acquired by the acquisition module; the power module is used to power the microprocessor, the acquisition module, the first security module, the NB-IOT communication module and the memory module.
Based on the above, the headend equipment further includes a signal conditioning circuit and an A/D converter; the signal conditioning circuit is electrically connected to the acquisition module and is used to amplify and filter the data signal acquired by the acquisition module; the A/D converter is electrically connected to the signal conditioning circuit and to the microprocessor, and is used to perform analog-to-digital conversion on the amplified and filtered data signal and send it to the microprocessor for analysis and processing.
Based on the above, the terminal device includes a processor, a network communication module, a second security module and a display module; the network communication module is electrically connected to the processor and is used to receive the data information ciphertext from the Internet of Things cloud platform; the second security module is electrically connected to the processor and is used to decrypt the data information ciphertext with the session key; the display module is electrically connected to the processor and is used to display the data information decrypted by the second security module.
The present invention also provides a secure communication method based on the secure communication system, the secure communication method including:
A headend equipment and a terminal device perform key agreement to generate a session key;
The headend equipment acquires the data information of the target environment and encrypts the data information with the session key;
An NB-IOT communication base station pushes the data information ciphertext to the Internet of Things cloud platform;
The Internet of Things cloud platform transfers the data information ciphertext to the terminal device over the network;
The terminal device decrypts the data information ciphertext with the session key to obtain the corresponding plaintext information.
Based on the above, the key agreement between a headend equipment and a terminal device specifically includes:
The headend equipment and the terminal device perform bidirectional identity authentication;
The headend equipment and the terminal device perform key agreement and generate a session key.
Based on the above, the bidirectional identity authentication between the headend equipment and the terminal device specifically includes:
The first security module of the headend equipment is preset with the digital certificate and public/private key pair of the headend equipment, and the second security module of the terminal device is preset with the digital certificate and public/private key pair of the terminal device; each digital certificate contains a public key and identity information;
The headend equipment sends a connection request to the terminal device;
The terminal device responds to the connection request and returns to the headend equipment the digital certificate of the terminal device and identity information signed with its private key;
The headend equipment verifies the legitimacy of the digital certificate of the terminal device and, when the digital certificate is a legitimate certificate, uses the public key in the digital certificate to decrypt the identity information signed with the private key of the terminal device, and compares whether the decrypted identity information is consistent with the identity information in the digital certificate of the terminal device, so as to authenticate the terminal device;
The headend equipment returns to the terminal device the digital certificate of the headend equipment and identity information signed with its private key;
The terminal device verifies the legitimacy of the digital certificate of the headend equipment and, when the digital certificate is a legitimate certificate, uses the public key in the digital certificate to decrypt the identity information signed with the private key of the headend equipment, and compares whether the decrypted identity information is consistent with the identity information in the digital certificate of the headend equipment, so as to authenticate the headend equipment.
Based on the above, the bidirectional identity authentication and key agreement between the headend equipment and the terminal device are completed over the transmission channel built on the NB-IOT communication base station and the Internet of Things cloud platform.
Based on the above, the transfer of the data information ciphertext from the Internet of Things cloud platform to the terminal device over the network specifically includes:
The Internet of Things cloud platform receives a data acquisition request sent by the terminal device and, according to the data acquisition request, feeds back the corresponding data information ciphertext to the terminal device; or
The Internet of Things cloud platform pushes the relevant data information ciphertext to the terminal device at regular intervals.
Compared with the prior art, the present invention has outstanding substantive features and represents notable progress. Specifically, by introducing the NB-IoT communication technology, the secure communication system and method of the present invention offer wide coverage, low power consumption and support for massive numbers of connections. In addition, a first security module and a second security module are provided in the headend equipment and the terminal device respectively, building a secure channel between the headend equipment and the terminal device. This closes the gap in the traditional arrangement, in which plaintext information between the terminal device and the Internet of Things cloud platform is easily intercepted by a third party, effectively prevents a malicious attacker from intercepting data information there, and ensures the security of data transmission.
Brief description of the drawings
Fig. 1 is a schematic diagram of the secure communication system of the present invention.
Fig. 2 is a structural block diagram of the headend equipment in the secure communication system of Fig. 1.
Fig. 3 is a structural block diagram of the terminal device in the secure communication system of Fig. 1.
Fig. 4 is a flow diagram of the secure communication method of the present invention.
Fig. 5 is a flow diagram of the key agreement step in the secure communication method of the present invention.
In the figures: 100. secure communication system; 10. headend equipment; 11. microprocessor; 12. acquisition module; 13. first security module; 14. NB-IOT communication module; 15. memory module; 16. power module; 20. NB-IOT communication base station; 30. Internet of Things cloud platform; 40. terminal device; 41. microprocessor; 42. network communication module; 43. second security module; 44. display module.
Specific embodiments
The technical solution of the present invention is described in further detail below through specific embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
It should be noted that when a component is said to be "connected" to another component, it may be directly connected to the other component, or an intervening component may also be present.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the technical field of the present invention. The terms used in this specification are intended only to describe specific embodiments and are not intended to limit the present invention.
As shown in Figs. 1 to 3, the present invention provides a secure communication system 100, used to build a secure transmission channel based on the Narrow Band Internet of Things (NB-IOT), so as to guarantee the accuracy and legitimacy of the transmitted data.
The secure communication system 100 includes: at least one headend equipment 10, an NB-IOT communication base station 20, an Internet of Things cloud platform 30 and at least one terminal device 40;
Each headend equipment 10 performs key agreement with at least one terminal device 40 to generate a session key;
The headend equipment 10 is used to collect the data information of the Internet of Things front end and encrypt it with the session key;
The NB-IOT communication base station 20 is arranged between the at least one headend equipment 10 and the Internet of Things cloud platform 30, and is used to push the data information ciphertext of the at least one headend equipment to the Internet of Things cloud platform;
The Internet of Things cloud platform 30 aggregates the data information ciphertext pushed by the at least one headend equipment 10 and performs data processing operations according to the customer's needs;
The terminal device 40 establishes a network connection with the Internet of Things cloud platform 30, obtains the data information ciphertext from the Internet of Things cloud platform 30 and decrypts it with the session key.
Preferably, the Internet of Things cloud platform 30 is the OneNET Internet of Things platform. As a hub for connections and data, the OneNET Internet of Things platform adapts to various sensor networks and communication networks and is open to many fields such as smart home, wearable devices, Internet of Vehicles, mobile health and smart makers.
Each headend equipment 10 includes a microprocessor 11, an acquisition module 12, a first security module 13, an NB-IOT communication module 14, a memory module 15 and a power module 16. The microprocessor 11 is electrically connected to the acquisition module 12, the first security module 13, the NB-IOT communication module 14, the memory module 15 and the power module 16, and is used to control the orderly operation of these modules. The acquisition module 12 is used to acquire the data information of the target environment (such as a bridge). The first security module 13 is used to encrypt the data information acquired by the acquisition module 12, and supports symmetric cryptographic algorithms, asymmetric cryptographic algorithms and hash algorithms. The NB-IOT communication module 14 is used to receive the data information ciphertext and send it out using the NB-IOT communication technology. The memory module 15 is used to store the data information acquired by the acquisition module 12. The power module 16 is used to supply the electric energy the above modules need during operation; preferably, the power module 16 is a lithium battery.
Specifically, the acquisition module 12 can be a strain gauge, a deflection sensor, a crack detection sensor, an inclination sensor, a temperature sensor, a wind speed sensor or a displacement sensor. Taking a bridge as the target environment, the role of each sensor is as follows:
The strain gauge detects the strain caused by deformation of the bridge under load; the deflection sensor detects deflection deformation of the bridge; the crack detection sensor detects the depth and width of cracks in the bridge; the inclination sensor detects the inclination of a given face of the bridge; the temperature sensor detects the temperature of the bridge itself; the wind speed sensor detects the wind speed near the bridge; the displacement sensor detects the displacement of the bridge as a whole and of its parts.
In practical applications, the acquisition module 12 is not limited to the sensor types listed above; the concrete type of the acquisition module 12 should be chosen according to the data information that needs to be acquired in the target environment.
In a particular embodiment, each headend equipment 10 further includes a signal conditioning circuit and an A/D converter (not shown). The signal conditioning circuit is electrically connected to the acquisition module 12 and is used to amplify and filter the data signal acquired by the acquisition module 12. The A/D converter is electrically connected to the signal conditioning circuit and to the microprocessor 11, and is used to perform analog-to-digital conversion on the amplified and filtered data signal and send it to the microprocessor 11 for analysis and processing.
Each terminal device 40 includes a processor 41, a network communication module 42, a second security module 43 and a display module 44. The network communication module 42 is electrically connected to the processor 41 and is used to receive the data information ciphertext from the Internet of Things cloud platform 30. The second security module 43 is electrically connected to the processor 41, is used to decrypt the data information ciphertext with the session key, and supports symmetric cryptographic algorithms, asymmetric cryptographic algorithms and hash algorithms. The display module 44 is electrically connected to the processor 41 and is used to display the data information decrypted by the second security module 43 for the user to view.
It will be appreciated that the terminal device 40 can be a computer, a mobile phone, a PAD, etc.
As shown in Fig. 4, the present invention also provides a secure communication method based on the above secure communication system 100, including the following steps:
Step 1, a headend equipment 10 and a terminal device 40 perform key agreement and generate a session key;
Step 2, the headend equipment 10 acquires the data information of the target environment;
Step 3, the headend equipment 10 encrypts the acquired data information with the session key;
Step 4, an NB-IOT communication base station 20 pushes the data information ciphertext to the Internet of Things cloud platform 30;
Step 5, the Internet of Things cloud platform 30 transfers the data information ciphertext to the terminal device 40 over the network;
In some embodiments, the terminal device 40 first issues a request instruction to the Internet of Things cloud platform 30, and the Internet of Things cloud platform 30 authenticates the terminal device 40; if authentication passes, the Internet of Things cloud platform 30 feeds back the corresponding data information ciphertext to the terminal device 40;
In other embodiments, the Internet of Things cloud platform 30 authenticates the terminal device 40; if authentication passes, the Internet of Things cloud platform 30 pushes the relevant data information ciphertext to the terminal device 40 at regular intervals according to the needs of the terminal device 40;
Step 6, the terminal device 40 decrypts the data information ciphertext with the session key to obtain the corresponding plaintext information.
In step 1, the key agreement between a headend equipment 10 and a terminal device 40 specifically includes the following steps:
Step 1-1, the headend equipment 10 and the terminal device 40 perform bidirectional identity authentication;
Step 1-2, after the bidirectional identity authentication succeeds, the headend equipment 10 performs key agreement with the terminal device 40 and generates a session key.
As shown in Fig. 5, step 1-1 specifically includes:
Step 1-1-1, the digital certificate and public/private key pair of the headend equipment 10 are preset in the first security module 13 of the headend equipment 10, and the digital certificate and public/private key pair of the terminal device 40 are preset in the second security module 43 of the terminal device 40;
Step 1-1-2, the headend equipment 10 sends a connection request to the terminal device 40;
Step 1-1-3, the terminal device 40 responds to the connection request and returns to the headend equipment 10 the digital certificate of the terminal device 40 (containing the public key) and identity information signed with its private key;
Step 1-1-4, the headend equipment 10 verifies whether the digital certificate of the terminal device 40 was issued by a trusted CA center, so as to verify the legitimacy of the digital certificate of the terminal device 40; it then uses the public key in the digital certificate to decrypt the identity information signed with the private key of the terminal device 40, and compares whether the decrypted identity information is consistent with the identity information in the digital certificate of the terminal device 40; if they are consistent, the headend equipment 10 has completed the authentication of the identity of the terminal device 40;
Step 1-1-5, the headend equipment 10 returns to the terminal device 40 the digital certificate of the headend equipment 10 (containing the public key) and identity information signed with its private key;
Step 1-1-6, the terminal device 40 verifies whether the digital certificate of the headend equipment 10 was issued by a trusted CA center, so as to verify the legitimacy of the digital certificate of the headend equipment 10; it then uses the public key in the digital certificate to decrypt the identity information signed with the private key of the headend equipment 10, and compares whether the decrypted identity information is consistent with the identity information in the digital certificate; if they are consistent, the terminal device 40 has completed the authentication of the identity of the headend equipment 10.
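The exchange of steps 1-1-1 to 1-1-6, written out as an added Go example; it is not code from the patent, and "decrypting the signed identity information with the public key" is implemented as signature verification. Assumptions: Ed25519 keys, X.509 certificates carrying the identity information in the CommonName, the names Device, AuthMsg, Verify and MutualAuth, a constructed test CA, and a fresh verifier nonce signed together with the identity information, which the patent does not describe but without which a captured reply could be replayed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Device stands for a security module with a preset certificate and private key.
type Device struct {
	Cert *x509.Certificate
	key  ed25519.PrivateKey
}

// AuthMsg is one side's reply: certificate, identity info and its signature.
type AuthMsg struct {
	ID           string
	CertDER, Sig []byte
}

// NewDevice provisions id; a nil issuer yields a self-signed CA (constructed test PKI).
func NewDevice(id string, issuer *Device) (*Device, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: id}, // identity info in the CN (assumption)
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA:         issuer == nil, BasicConstraintsValid: true,
	}
	parent, signer := tmpl, key
	if issuer != nil {
		parent, signer = issuer.Cert, issuer.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Device{Cert: cert, key: key}, err
}

// signedInput binds the identity info to the verifier's fresh nonce (added here).
func signedInput(id string, nonce []byte) []byte {
	return append([]byte(id+"\x00"), nonce...)
}

// Respond returns the certificate plus signed identity info (steps 1-1-3, 1-1-5).
func (d *Device) Respond(nonce []byte) AuthMsg {
	id := d.Cert.Subject.CommonName
	return AuthMsg{ID: id, CertDER: d.Cert.Raw, Sig: ed25519.Sign(d.key, signedInput(id, nonce))}
}

// Verify performs the checks of steps 1-1-4 and 1-1-6 against the trusted CA.
func Verify(ca *x509.Certificate, m AuthMsg, nonce []byte) error {
	cert, err := x509.ParseCertificate(m.CertDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return fmt.Errorf("certificate not issued by the trusted CA: %w", err)
	}
	if cert.Subject.CommonName != m.ID {
		return fmt.Errorf("identity info %q does not match the certificate", m.ID)
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, signedInput(m.ID, nonce), m.Sig) {
		return fmt.Errorf("signature over identity info is invalid")
	}
	return nil
}

// MutualAuth has the headend authenticate the terminal, then the reverse.
func MutualAuth(ca *x509.Certificate, headend, terminal *Device) error {
	for _, prover := range []*Device{terminal, headend} {
		nonce := make([]byte, 16)
		if _, err := rand.Read(nonce); err != nil {
			return err
		}
		if err := Verify(ca, prover.Respond(nonce), nonce); err != nil {
			return fmt.Errorf("%s rejected: %w", prover.Cert.Subject.CommonName, err)
		}
	}
	return nil
}

func main() {
	ca, _ := NewDevice("example-ca", nil)
	headend, _ := NewDevice("headend-10", ca)
	terminal, _ := NewDevice("terminal-40", ca)
	fmt.Println("mutual authentication error:", MutualAuth(ca.Cert, headend, terminal))
}
```

A certificate issued by any other CA, an identity string that differs from the certificate, or a reply recorded under an earlier nonce each make Verify return an error.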
In practical applications, the bidirectional identity authentication and key agreement between the headend equipment 10 and the terminal device 40 are carried out over the transmission channel built on the NB-IOT communication base station 20 and the Internet of Things cloud platform 30. To keep the description short and the technical solution easy to understand, the NB-IOT communication base station 20 and the Internet of Things cloud platform 30 have been omitted from the steps above that describe bidirectional identity authentication and key agreement between the headend equipment 10 and the terminal device 40.
During communication, a fixed time threshold or data packet threshold can be preset. When the accumulated time or the accumulated number of data packets reaches the preset threshold, bidirectional identity authentication and key agreement between the headend equipment 10 and the terminal device 40 are performed again, which ensures the security of communication between the headend equipment 10 and the terminal device 40.
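The encrypt, relay and decrypt flow of steps 2 to 6 together with the time and data packet thresholds just described, as an added Go example; it is not code from the patent. Assumptions: AES-256-GCM as the session cipher, the packet counter used as the nonce, the names Session, Limits, NewKey and ErrRekey, constructed sensor readings, and a random key standing in for the output of key agreement.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Limits are the preset thresholds after which the session must be renegotiated.
type Limits struct {
	MaxAge     time.Duration
	MaxPackets uint64
}

// Session is one device's view of a negotiated session key.
type Session struct {
	aead    cipher.AEAD
	started time.Time
	sent    uint64
	limits  Limits
}

// ErrRekey tells the caller to repeat mutual authentication and key agreement.
var ErrRekey = errors.New("session threshold reached")

// NewKey returns a random 32-byte key, a stand-in here for the key agreement output.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// NewSession wraps a session key in AES-GCM (the cipher choice is an assumption).
func NewSession(key []byte, now time.Time, l Limits) (*Session, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Session{aead: aead, started: now, limits: l}, nil
}

// Seal encrypts one reading on the headend. The packet counter is the GCM
// nonce, so it never repeats under one key; it travels as the first 12 bytes.
func (s *Session) Seal(reading []byte, now time.Time) ([]byte, error) {
	if now.Sub(s.started) >= s.limits.MaxAge || s.sent >= s.limits.MaxPackets {
		return nil, ErrRekey
	}
	nonce := make([]byte, s.aead.NonceSize())
	binary.BigEndian.PutUint64(nonce[4:], s.sent)
	s.sent++
	return s.aead.Seal(nonce, nonce, reading, nil), nil
}

// Open decrypts a packet on the terminal; a packet altered in the base
// station, the cloud platform or the network fails the GCM tag check.
func (s *Session) Open(packet []byte) ([]byte, error) {
	n := s.aead.NonceSize()
	if len(packet) < n+s.aead.Overhead() {
		return nil, fmt.Errorf("packet too short: %d bytes", len(packet))
	}
	return s.aead.Open(nil, packet[:n], packet[n:], nil)
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	limits, now := Limits{MaxAge: time.Hour, MaxPackets: 2}, time.Now()
	headend, _ := NewSession(key, now, limits)
	terminal, _ := NewSession(key, now, limits)
	for _, reading := range []string{"strain=412", "tilt=0.3", "wind=7.1"} { // constructed
		packet, err := headend.Seal([]byte(reading), now)
		if errors.Is(err, ErrRekey) {
			fmt.Println("threshold reached: repeat authentication and key agreement")
			break
		}
		// The cloud platform stores and forwards packet without holding the key.
		plain, err := terminal.Open(packet)
		fmt.Printf("ciphertext %x -> %q (err=%v)\n", packet, plain, err)
	}
}
```

Because the counter restarts at zero only under a new key, the data packet threshold also bounds how many nonces are ever used with one key.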
Safe communication system and method for the invention makes it have wide covering by introducing NB-IoT technology, low-power consumption, with And the ability of support magnanimity connection.Simultaneously by the way that described the is respectively set in the headend equipment 10 and the terminal device 40 One security module 13 and second security module 42, to build between the headend equipment 10 and the terminal device 40 Exit passageway, be easy between the terminal device for having filled a vacancy traditional and the Internet of Things cloud platform by third party intercept in plain text The loophole of information prevents malicious attacker therefrom intercepted data information, guarantees the safety of data transmission.
Finally it should be noted that:The above embodiments are merely illustrative of the technical scheme of the present invention and are not intended to be limiting thereof;To the greatest extent The present invention is described in detail with reference to preferred embodiments for pipe, those of ordinary skills in the art should understand that:Still It can modify to a specific embodiment of the invention or some technical features can be equivalently replaced;Without departing from this hair The spirit of bright technical solution should all cover within the scope of the technical scheme claimed by the invention.

Claims (10)

1. A safe communication system, characterized by comprising: at least one headend equipment, at least one terminal device, an NB-IOT communication base station and an Internet of Things cloud platform,
Each headend equipment performs key agreement with at least one terminal device to generate a session key;
The headend equipment is used to collect data information from the Internet of Things front end and encrypt it using the session key;
The NB-IOT communication base station is arranged between the at least one headend equipment and the Internet of Things cloud platform, and pushes the data information ciphertext of the at least one headend equipment to the Internet of Things cloud platform;
The Internet of Things cloud platform aggregates the data information ciphertext pushed by the at least one headend equipment and performs data processing operations;
The terminal device establishes a network connection with the Internet of Things cloud platform, obtains the data information ciphertext on the Internet of Things cloud platform, and decrypts it using the session key.
2. The safe communication system according to claim 1, characterized in that: the headend equipment comprises a microprocessor, an acquisition module, a first security module and an NB-IOT communication module;
The acquisition module is electrically connected with the microprocessor and is used to acquire data information of the target environment and send it to the microprocessor;
The microprocessor is electrically connected with the first security module and is used to control the first security module to encrypt the data information using the session key;
The NB-IOT communication module is connected with the microprocessor and is used to send the data information ciphertext.
3. The safe communication system according to claim 2, characterized in that: the headend equipment further comprises a memory module and a power module electrically connected to the microprocessor; the memory module is used to store the data information acquired by the acquisition module; the power module is used to supply power to the microprocessor, the acquisition module, the first security module, the NB-IOT communication module and the memory module.
4. The safe communication system according to claim 2 or 3, characterized in that: the headend equipment further comprises a signal conditioning circuit and an A/D converter; the signal conditioning circuit is electrically connected to the acquisition module and is used to amplify and filter the data information signal acquired by the acquisition module; the A/D converter is electrically connected to the signal conditioning circuit and to the microprocessor, and is used to perform analog-to-digital conversion on the amplified and filtered data information signal and send it to the microprocessor for analysis and processing.
5. The safe communication system according to claim 1, characterized in that: the terminal device comprises a processor, a network communication module, a second security module and a display module; the network communication module is electrically connected to the processor and is used to receive the data information ciphertext from the Internet of Things cloud platform; the second security module is electrically connected to the processor and is used to decrypt the data information ciphertext using the session key; the display module is electrically connected to the processor and is used to display the data information decrypted by the second security module.
6. A safe communication method based on the safe communication system according to any one of claims 1-5, characterized in that the safe communication method comprises:
A headend equipment performs key agreement with a terminal device to generate a session key;
The headend equipment acquires data information of the target environment and encrypts the data information using the session key;
An NB-IOT communication base station pushes the data information ciphertext to the Internet of Things cloud platform;
The Internet of Things cloud platform transfers the data information ciphertext to the terminal device over the network;
The terminal device decrypts the data information ciphertext using the session key to obtain the corresponding plaintext information.
7. The safe communication method according to claim 6, characterized in that the key agreement between a headend equipment and a terminal device specifically comprises:
The headend equipment and the terminal device perform bidirectional identity authentication;
The headend equipment and the terminal device perform key agreement and generate a session key.
8. The safe communication method according to claim 7, characterized in that the bidirectional identity authentication between the headend equipment and the terminal device specifically comprises:
A digital certificate and a public/private key pair of the headend equipment are preset in its first security module, and a digital certificate and a public/private key pair of the terminal device are preset in its second security module; each digital certificate contains a public key and identity information;
The headend equipment sends a connection request to the terminal device;
The terminal device responds to the connection request and returns to the headend equipment the digital certificate of the terminal device and the identity information signed with its private key;
The headend equipment verifies the legitimacy of the digital certificate of the terminal device and, when the digital certificate is a legitimate certificate, uses the public key in the digital certificate to decrypt the identity information signed with the private key of the terminal device, and compares whether the decrypted identity information is consistent with the identity information in the digital certificate of the terminal device, so as to authenticate the identity of the terminal device;
The headend equipment returns to the terminal device the digital certificate of the headend equipment and the identity information signed with its private key;
The terminal device verifies the legitimacy of the digital certificate of the headend equipment and, when the digital certificate is a legitimate certificate, uses the public key in the digital certificate to decrypt the identity information signed with the private key of the headend equipment, and compares whether the decrypted identity information is consistent with the identity information in the digital certificate of the headend equipment, so as to authenticate the identity of the headend equipment.
9. The safe communication method according to claim 7 or 8, characterized in that the bidirectional identity authentication and key agreement process between the headend equipment and the terminal device is completed over the transmission channel built on the NB-IOT communication base station and the Internet of Things cloud platform.
10. The safe communication method according to claim 6, characterized in that the transfer of the data information ciphertext from the Internet of Things cloud platform to the terminal device over the network specifically comprises:
The Internet of Things cloud platform receives a data acquisition request sent by the terminal device and, according to the data acquisition request, feeds the corresponding data information ciphertext back to the terminal device; or
The Internet of Things cloud platform pushes the relevant data information ciphertext to the terminal device on a timed schedule.
CN201810852923.8A 2018-07-30 2018-07-30 A kind of safe communication system and method Pending CN108900530A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810852923.8A CN108900530A (en) 2018-07-30 2018-07-30 A kind of safe communication system and method

Publications (1)

Publication Number Publication Date
CN108900530A true CN108900530A (en) 2018-11-27

Family

ID=64352308

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181127
